Companies unite to head off DOD

By Heather Harreld

Mar 30, 1997

In an effort to head off oversight of private networks by the Defense Department a group of blue-chip companies is reviewing the security of the networks that form the nation's critical telecommunications backbone.

The Information Technology Industry (ITI) council is leading the push to determine what new initiatives may be needed to secure networked information systems in the United States.

A broad cross-section of companies - including AT&T IBM Corp. Sun Microsystems Inc. Deloitte & Touche KPMG Peat Marwick and Compaq Computer Corp. - are among the members of the newly formed Information Security Exploratory Committee (ISEC). More than 70 other companies have expressed interest in the committee which was created at the request of the president's National Security Telecommunications Advisory Committee (NSTAC).

'Common Defense'

The committee was formed in response to a DOD task force recommendation in late 1996 that called for DOD to be given legal authority to monitor and protect nongovernmental portions of the national infrastructure such as electric utility finance and transportation information systems that could be vulnerable to electronic attacks.

In its report the task force noted that in the name of "the common defense " DOD law enforcement and intelligence agencies should have the legal authority "to conduct efficient coordinated monitoring of attacks on the critical civilian information infrastructure...." [FCW Nov. 11 1996].

Many companies want to ensure that the private sector not the government takes the leading role in protecting the nation's critical infrastructure.

The committee will explore the testing of security products guidelines for security systems auditing and education and awareness programs. The group also will examine the need for creating a security board to establish standards to improve the reliability and trustworthiness of security products and services said John Wilson ITI's vice president for technology and policy.

The committee plans to solicit even more private-sector input at a public meeting May 1 and committee members will present their recommendations on Aug. 1 he said.

The ISEC is the first private-sector effort to address the security of critical networked systems according to Duane Andrews co-chair of the Defense Science Board's Task Force on Information Warfare-Defense and an author of its report.

Task force members recognized the importance of private-sector input he said. "It's a reasonably good way to approach it " he said. "The government has been trying for several years to solve cryptography and security problems and hasn't been successful. The government was never going to be able to solve the problem for the government without private-sector support."

The government's controversial Clipper chip proposal which would have provided a "backdoor" for the federal government to access encrypted data of private companies also prompted the development of the group said Maj. Brad Bigelow government coordinator for NSTAC's NII task force.

"Industry is extremely wary of government taking a strong role " he said. "They've taken a very adversarial view of this issue."

Unlike federal government users the private sector does not have any established guidelines to follow in the event of security breaches Bigelow said.